[CalendarServer-users] calendarserver on debian via nss and kerberos
marco ghidinelli
marco.ghidinelli at turboden.net
Wed Mar 4 03:04:09 PST 2009
On Tue, Mar 03, 2009 at 02:14:34PM +0100, Georg Troska wrote:
> Hi,
> I was able to do it with Ubuntu Intrepid.
>
> Kerberos works. NSS not at the moment. I wrote a script that runs via
> cronjob creating a xml-file from LDAP for the user information.
> I'm still working on the NSS thing.
>
> Use account.xml with no password and loginnames that are of the same
> kind than in your kerberos database. Make sure that your keytab is
> readable by caldavd and use lowercase http/ (not HTTP/) for the
> principal entry.
> Kerberos based login are depending on your client as well. Which one are
> you using?
>
> Georg
I followed your idea, and now i'm trying with a generated account.xml
with kerberos authentication.
it still doesn't work, but with a more verbose error: here is the log.
2009-03-04 11:45:47+0100 [-] [caldav-8008] [-] Log opened.
2009-03-04 11:45:47+0100 [-] [caldav-8008] [-] twistd 8.1.0 (/usr/bin/python 2.5.2) starting up
2009-03-04 11:45:47+0100 [-] [caldav-8008] [-] reactor class: <class 'twisted.internet.selectreactor.SelectReactor'>
2009-03-04 11:45:47+0100 [-] [caldav-8008] [-] twisted.web2.channel.http.HTTPFactory starting on 8008
2009-03-04 11:45:47+0100 [-] [caldav-8008] [-] Starting factory <twisted.web2.channel.http.HTTPFactory instance at 0x188d7a0>
2009-03-04 11:45:47+0100 [-] [caldav-8008] [-] twisted.web2.channel.http.HTTPFactory starting on 8443
2009-03-04 11:45:48+0100 [-] [caldav-8008] [-] set uid/gid 103/105
2009-03-04 11:45:48+0100 [twistedcaldav.logging.AMPLoggingFactory] AMPLoggingProtocol connection established (HOST:UNIXSocket('/var/run/caldavd/caldavd.socket') PEER:UNIXSocket(''))
2009-03-04 11:45:48+0100 [-] [caldav-8008] [-] AMP connection established (HOST:UNIXSocket(None) PEER:UNIXSocket('/var/run/caldavd/caldavd.socket'))
2009-03-04 10:47:39+0100 [-] [caldav-8008] [HTTPChannel,0,192.168.0.29] "Directory service <XMLDirectoryService 'DOMAIN.LOCAL': FilePath('/etc/caldavd/accounts.xml')> has no GUID; generating service GUID from realm name."
2009-03-04 10:47:39+0100 [-] [caldav-8008] [HTTPChannel,0,192.168.0.29] "Directory service <SudoDirectoryService 'DOMAIN.LOCAL': FilePath('/etc/caldavd/sudoers.plist')> has no GUID; generating service GUID from realm name."
2009-03-04 10:47:39+0100 [-] [caldav-8008] [HTTPChannel,0,192.168.0.29] GET /calendars/users/marco.ghidinelli/ HTTP/1.1
2009-03-04 10:47:39+0100 [-] [caldav-8008] [HTTPChannel,0,192.168.0.29] 'Authentication failed: Invalid nonce value: 6152332 -- a lot of numbers here (ndr)-- 554623523'
2009-03-04 10:47:45+0100 [-] [caldav-8008] [HTTPChannel,0,192.168.0.29] GET /calendars/users/marco.ghidinelli/ HTTP/1.1
2009-03-04 10:47:45+0100 [-] [caldav-8008] [HTTPChannel,0,192.168.0.29] Exception rendering:
2009-03-04 10:47:45+0100 [-] [caldav-8008] [HTTPChannel,0,192.168.0.29] Unhandled Error
2009-03-04 10:47:45+0100 [-] [caldav-8008] Traceback (most recent call last):
2009-03-04 10:47:45+0100 [-] [caldav-8008] File "/usr/lib/python2.5/site-packages/twisted/internet/defer.py", line 186, in addCallbacks
2009-03-04 10:47:45+0100 [-] [caldav-8008] self._runCallbacks()
2009-03-04 10:47:45+0100 [-] [caldav-8008] File "/usr/lib/python2.5/site-packages/twisted/internet/defer.py", line 328, in _runCallbacks
2009-03-04 10:47:45+0100 [-] [caldav-8008] self.result = callback(self.result, *args, **kw)
2009-03-04 10:47:45+0100 [-] [caldav-8008] File "/usr/lib/python2.5/site-packages/twisted/web2/dav/resource.py", line 722, in login
2009-03-04 10:47:45+0100 [-] [caldav-8008] d = request.portal.login(pcreds, None, *request.loginInterfaces)
2009-03-04 10:47:45+0100 [-] [caldav-8008] File "/usr/lib/python2.5/site-packages/twisted/cred/portal.py", line 114, in login
2009-03-04 10:47:45+0100 [-] [caldav-8008] return maybeDeferred(self.checkers[i].requestAvatarId, credentials
2009-03-04 10:47:45+0100 [-] [caldav-8008] --- <exception caught here> ---
2009-03-04 10:47:45+0100 [-] [caldav-8008] File "/usr/lib/python2.5/site-packages/twisted/internet/defer.py", line 106, in maybeDeferred
2009-03-04 10:47:45+0100 [-] [caldav-8008] result = f(*args, **kw)
2009-03-04 10:47:45+0100 [-] [caldav-8008] File "/usr/lib/python2.5/site-packages/twistedcaldav/directory/aggregate.py", line 135, in requestAvatarId
2009-03-04 10:47:45+0100 [-] [caldav-8008] type).requestAvatarId(credentials)
2009-03-04 10:47:45+0100 [-] [caldav-8008] File "/usr/lib/python2.5/site-packages/twistedcaldav/directory/directory.py", line 109, in requestAvatarId
2009-03-04 10:47:45+0100 [-] [caldav-8008] if user.verifyCredentials(credentials.credentials):
2009-03-04 10:47:45+0100 [-] [caldav-8008] File "/usr/lib/python2.5/site-packages/twistedcaldav/directory/xmlfile.py", line 144, in verifyCredentials
2009-03-04 10:47:45+0100 [-] [caldav-8008] return credentials.checkPassword(self.password)
2009-03-04 10:47:45+0100 [-] [caldav-8008] File "/usr/lib/python2.5/site-packages/twisted/web2/auth/digest.py", line 153, in checkPassword
2009-03-04 10:47:45+0100 [-] [caldav-8008] calcHA1(algo, self.username, self.realm, password, nonce, cnonce),
2009-03-04 10:47:45+0100 [-] [caldav-8008] File "/usr/lib/python2.5/site-packages/twisted/web2/auth/digest.py", line 62, in calcHA1
2009-03-04 10:47:45+0100 [-] [caldav-8008] m.update(pszPassword)
2009-03-04 10:47:45+0100 [-] [caldav-8008] exceptions.TypeError: update() argument 1 must be string or read-only buffer, not None
the account.xml is:
<!DOCTYPE accounts SYSTEM "accounts.dtd">
<accounts realm="DOMAIN.LOCAL">
<user>
<uid>admin</uid>
<name>Super User</name>
</user>
<user>
<uid>marco.ghidinelli</uid>
<name>Marco Ghidinelli</name>
<cuaddr>mailto:marco.ghidinelli at domain.net</cuaddr>
</user>
</accounts>
More information about the calendarserver-users
mailing list